Deeplinkshttps://www.eff.org/es/rss/updates.xml/computer-fraud-and-abuse-act-reform
EFF's Deeplinks Blog: Noteworthy news from around the internetesPadmapper and 3Taps Settle Suit with craigslist over Use of Real Estate Factshttps://www.eff.org/es/deeplinks/2015/06/padmapper-and-3taps-settle-suit-craigslist-over-use-real-estate-facts
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal">Padmapper and 3Taps ended their three-year <a href="https://www.eff.org/deeplinks/2013/04/craigslist-owns-what-you-did-last-summer">legal fight</a> with craigslist on Monday, <a href="https://3taps.com/papers/global%20settlement.PDF">agreeing </a>to stop using classified ad data from craigslist on their own sites. 3Taps has also <a href="https://3taps.com/">agreed </a>to pay craigslist $1 million on the condition that craigslist donate the money to EFF. While we’re pleased to receive a donation that will help us continue our mission of defending civil liberties online, we’re disappointed that the court won’t be affirming Padmapper and 3Taps’ right to use data from craigslist postings—data that can’t be copyrighted—to create innovative new tools.</p>
<p class="MsoNormal"></p>
<p class="MsoNormal"><a href="https://3taps.com/">3taps </a>collected real-estate data from craigslist and made it available to other companies to use. One of those companies, <a href="http://www.padmapper.com/">Padmapper</a>, republished craigslist apartment listings over a map to enable users to view the listings geographically, a feature then unavailable on the craigslist site. Craigslist sued 3Taps, Padmapper, and others in 2012, invoking a variety of laws including copyright and the Computer Fraud and Abuse Act (CFAA) to stop these companies from using the real estate listings.</p>
<p class="MsoNormal"></p>
<p class="MsoNormal">EFF saw a lot of problems with craigslist’s legal claims: claiming copyright in users’ posts, attempts to transfer users' copyrights to themselves, and the claim that “scraping” or copying data from the site could be a CFAA violation. We <a href="https://www.eff.org/deeplinks/2013/06/eff-access-public-website-not-crime">told the court</a> that when a website makes data available to the public, copying it isn’t “unauthorized access” under the CFAA.</p>
<p class="MsoNormal">Judge Charles Breyer of the United States District Court for the Northern District of California made some <a href="https://www.eff.org/deeplinks/2013/08/court-rules-accessing-public-website-isnt-crime-hiding-your-ip-address-could-be">intermediate rulings</a> in the case, which were mixed. The court rejected some of craigslist’s copyright arguments but allowed its CFAA claim to go forward.</p>
<p>Unfortunately, yesterday’s settlement means the legal issues in the case won’t get a final hearing. According to the settlement <a href="https://3taps.com/papers/global%20settlement.PDF">agreement </a>published on 3Taps’ website, both 3Taps and Padmapper have agreed to stop using craigslist data. 3Taps will pay $1 million to craigslist, which will be donated to EFF in installments over ten years. Padmapper <a href="http://blog.padmapper.com/2015/06/29/onward/">posted </a>on its website yesterday that it will keep on running, using over 100 data sources to populate the rental listings on its mapping site, which number over 700,000 even without craigslist data.</p>
<p><span>This settlement doesn’t change any rules. Facts—like the address and details of an apartment for rent—can’t be copyrighted. And violating a website’s terms of service isn’t a CFAA violation. We’re pleased that craigslist, 3Taps, and Padmapper chose to make a generous donation to EFF as part of their lawsuit settlement, and that EFF’s principled commitment to users’ rights was an overarching value that aligned these disagreeing parties. But we’re also sorry to see craigslist succeed at blocking new and innovative uses of their data. Innovation doesn’t happen under one roof alone, and the right to innovate using lawful site scraping and non-copyrightable facts shouldn’t depend on the outcome of a legal war of attrition.</span></p>
</div></div></div><div class="field field-name-field-issue field-type-taxonomy-term-reference field-label-above"><div class="field-label">Related Issues:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/issues/intellectual-property">Fair Use and Intellectual Property: Defending the Balance</a></div><div class="field-item odd"><a href="/es/issues/cfaa">Computer Fraud And Abuse Act Reform</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/home?status=Padmapper+and+3Taps+Settle+Suit+with+craigslist+over+Use+of+Real+Estate+Facts+https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F06%2Fpadmapper-and-3taps-settle-suit-craigslist-over-use-real-estate-facts" target="_blank"><img src="/sites/all/themes/frontier/images/share/twitter16.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?u=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F06%2Fpadmapper-and-3taps-settle-suit-craigslist-over-use-real-estate-facts&t=Padmapper+and+3Taps+Settle+Suit+with+craigslist+over+Use+of+Real+Estate+Facts" target="_blank"><img src="/sites/all/themes/frontier/images/share/facebook.gif" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F06%2Fpadmapper-and-3taps-settle-suit-craigslist-over-use-real-estate-facts" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"><img src="/sites/all/themes/frontier/images/share/gplus-16.png" alt="Share on Google+"/></a> <a href="http://sharetodiaspora.github.com/?title=Padmapper and 3Taps Settle Suit with craigslist over Use of Real Estate Facts&url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F06%2Fpadmapper-and-3taps-settle-suit-craigslist-over-use-real-estate-facts" target="_blank"><img src="/sites/all/themes/frontier/images/share/diaspora-16.png" alt="Share on Diaspora" /></a>&nbsp;&nbsp;||&nbsp;&nbsp;<a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Wed, 01 Jul 2015 02:27:13 +0000Mitch Stoltz86571 at https://www.eff.orgNew Jersey Drops Investigation Into Tidbithttps://www.eff.org/es/deeplinks/2015/05/new-jersey-drops-investigation-tidbit
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal">We’re happy to announce that the New Jersey Attorney General has dropped its investigation of Tidbit as detailed in a <a href="https://www.eff.org/document/consent-order">consent order</a> filed yesterday in Essex County Superior Court in New Jersey.</p>
<p class="MsoNormal">Tidbit was a project of four Massachusetts Institute of Technology (MIT) students who developed the software for a hackathon in November 2013. The software was envisioned as a substitute for website advertisements, allowing sites to instead monetize visits by using visitors’ computers to mine for Bitcoins. The Bitcoin mining function of the Tidbit code was never operable, however, and no Bitcoins were ever mined.</p>
<p class="MsoNormal">In December 2013, the state of New Jersey’s Division of Consumer Affairs issued a detailed <a href="https://www.eff.org/document/subpoena-jeremy-rubin-dba-tidbit">subpoena</a> and <a href="https://www.eff.org/document/interrogatories-jeremy-rubin-dba-tidbit">information</a> request to Jeremy Rubin, one of Tidbit’s developers, seeking extensive data from Tidbit, including its source code. Over the next eleven months, Tidbit <a href="https://www.eff.org/deeplinks/2014/02/eff-challenges-new-jersey-subpoena-issued-mit-student-bitcoin-developers">challenged</a> the subpoena in New Jersey state court, arguing that the state could not subpoena Rubin, who is a Massachusetts resident.</p>
<p class="MsoNormal">Ultimately, Judge Gary Furnari of the Essex County Superior Court upheld the subpoena but <a href="https://www.eff.org/document/court-opinion-dismissing-tidbits-complaint">noted</a> he had “serious concerns” that the state “may be acting to discourage creative and ‘cutting edge’ new technology” and that it appeared “the Tidbit program and other similar creative endeavors serve a useful and legitimate purpose” and had no “inherently improper or malicious intent or design.”</p>
<p class="MsoNormal">Tidbit declined to appeal and after lengthy negotiations with the state, entered into a written agreement resolving the investigation. Under the consent order, Tidbit would be subject to a $25,000 fine that will not be collected as long as it doesn’t violate New Jersey’s consumer or computer fraud laws over the next two years.</p>
<p class="MsoNormal">As the settlement makes clear, the students have not admitted to any wrongdoing or legal liability. And the state itself echoed the comments of Judge Furnari, noting in its <a href="http://nj.gov/oag/newsreleases15/pr20150526b.html">press release</a> “we do not believe Tidbit was created for the purpose of invading privacy.”</p>
<p class="MsoNormal">While we’re glad the case is resolved and these students can move on to other pursuits, we are nonetheless disappointed that the state of New Jersey pursued this case so vigorously when no Bitcoins were mined, no one’s privacy was invaded and no harm was done.</p>
<p class="MsoNormal">Instead, we think this subpoena was a clear overreach by the Attorney General that extracted to no meaningful benefit to the state. While the settlement agreement binds the students to comply with the law under the threat of severe monetary punishment, the students are of course already obliged to follow the law. Yet the cost of this agreement for these four young college students was great: Subjected to the threat of litigation, they ultimately abandoned their project before they had a chance to pursue and develop it. And as the MIT community warned the Attorney General, this misguided investigation will do nothing but deter others developers and innovators from pursuing their projects.</p>
<p class="MsoNormal">While we wish the Attorney General had not wasted taxpayer money that could and should have been better spent elsewhere, we are grateful that the investigation has concluded and the students are no longer faced with the burden of responding to the subpoena or the threat of time consuming and expensive litigation.</p>
<p class="MsoNormal">We thank our local counsel Frank L. Corrado of Barry Corrado &amp; Grassi, P.C. in Wildwood, New Jersey for his invaluable service in this case. </p>
</div></div></div><div class="field field-name-field-issue field-type-taxonomy-term-reference field-label-above"><div class="field-label">Related Issues:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/issues/cfaa">Computer Fraud And Abuse Act Reform</a></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/cases/rubin-v-new-jersey-tidbit">Rubin v. New Jersey (Tidbit)</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/home?status=New+Jersey+Drops+Investigation+Into+Tidbit+https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F05%2Fnew-jersey-drops-investigation-tidbit" target="_blank"><img src="/sites/all/themes/frontier/images/share/twitter16.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?u=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F05%2Fnew-jersey-drops-investigation-tidbit&t=New+Jersey+Drops+Investigation+Into+Tidbit" target="_blank"><img src="/sites/all/themes/frontier/images/share/facebook.gif" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F05%2Fnew-jersey-drops-investigation-tidbit" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"><img src="/sites/all/themes/frontier/images/share/gplus-16.png" alt="Share on Google+"/></a> <a href="http://sharetodiaspora.github.com/?title=New Jersey Drops Investigation Into Tidbit&url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F05%2Fnew-jersey-drops-investigation-tidbit" target="_blank"><img src="/sites/all/themes/frontier/images/share/diaspora-16.png" alt="Share on Diaspora" /></a>&nbsp;&nbsp;||&nbsp;&nbsp;<a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Wed, 27 May 2015 22:18:47 +0000Hanni Fakhoury86080 at https://www.eff.orgEFF Urges Oregon Supreme Court To Review Troubling Computer Crime Decision https://www.eff.org/es/deeplinks/2015/05/eff-urges-oregon-supreme-court-review-troubling-computer-crime-decision
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal"><span data-mce-mark="1">We’ve said it <a href="https://www.eff.org/deeplinks/2011/10/appeals-court-heeds-effs-advice-revisit-case-makes-terms-service-violations-crime">before</a> and we’ll say it <a href="https://www.eff.org/deeplinks/2015/03/violating-employers-computer-use-restriction-not-federal-crime">again</a>: violating a computer use restriction is not a crime. That’s why today EFF filed an <a href="https://www.eff.org/document/eff-nascimento-amicus-brief">amicus brief</a> urging the Oregon Supreme Court to review a <a href="https://www.eff.org/document/nascimento-court-appeals-decision">troubling opinion</a> by the Oregon Court of Appeals in <a href="https://www.eff.org/cases/oregon-v-nascimento"><em>State v. Nascimento</em></a><i>, </i>finding<i> </i>an employee committed a <a href="http://law.justia.com/codes/oregon/2013/volume-04/chapter-164/section-164.377/">computer crime</a> for violating her employer’s computer use restrictions. <span data-mce-mark="1"></span></span></p>
<p class="MsoNormal"><span data-mce-mark="1"></span><span data-mce-mark="1">Caryn Nascimento worked as a cashier at the deli counter of a convenience store. As part of her job, she was authorized to access a lottery terminal in the store to sell and validate lottery tickets for paying customers. Store policy prohibited employees from purchasing lottery tickets for themselves or validating their own lottery tickets while on duty. After a store manager noticed a discrepancy in the receipts from the lottery terminal, it was discovered that Nascimento had printed lottery tickets for herself without paying for them. She was ultimately convicted not only of first-degree theft, but also of computer crime on the ground that she accessed the lottery terminal “without authorization.”</span></p>
<p class="MsoNormal"><span data-mce-mark="1">Nascimento appealed the computer crime conviction. She argued that because she had permission to access the lottery terminal as part of her work duties, she did not access the terminal without authorization—as required under the Oregon's computer crime statute. Unfortunately, the Oregon Court of Appeals affirmed Nascimento’s conviction, finding she had only “limited authorization” to access the lottery terminal for purposes of printing and validating lottery tickets for paying customers, and acted without authorization when she printed them for herself. </span></p>
<p class="MsoNormal"><span>Nascimento filed a <a href="https://eff.org/document/nascimento-petition-review">petition for review</a>, asking the Oregon Supreme Court to review the decision and we filed an amicus brief in support of her petition. </span><span>As we explain to the Oregon Supreme Court, review is necessary because the Court of Appeals’ decision transforms millions of unsuspecting individuals into criminals on the basis of innocuous, everyday behavior—such as checking personal email or playing solitaire on a work computer. Such restrictions, frequently included in employers’ computer policies, are no different than the restriction imposed on Nascimento. They're ultimately all computer <span><em>use</em>, not access,<em> </em>restrictions. </span>Upholding Nascimento’s conviction on the basis of a violation of a computer use restriction expands Oregon’s computer crime statute to criminalize violations of <i>any</i> computer use restriction. </span><span>Two federal courts of appeal—the </span><a href="https://scholar.google.com/scholar_case?q=wec+carolina+v.+miller&amp;hl=en&amp;as_sdt=2006&amp;case=6169771297475294416&amp;scilh=0">Fourth</a> <span>and</span><span> </span><a href="https://www.eff.org/press/releases/appeals-court-rules-violating-corporate-policy-not-computer-crime">Ninth</a><span> </span><span>Circuits—have explicitly rejected an expansive interpretation of parallel language in the federal computer crime statute, the </span><a href="https://www.eff.org/issues/cfaa">Computer Fraud and Abuse Act (“CFAA”),</a><span> for precisely this concern about turning millions of innocent people into criminals.</span></p>
<p class="MsoNormal"><span data-mce-mark="1">This case is dangerous because </span><span data-mce-mark="1">it gives employers—and website owners—the power to make behavior illegal just by stating in a written computer use policy that it’s not allowed. For example, a worker could be prosecuted for reading personal email or checking the score of a baseball game if her employer’s policy says that company computers may be used only for work-related purposes. Or, because Facebook’s <a href="https://www.facebook.com/legal/terms">terms of use</a> prohibit users from providing false person information, a Facebook user could be prosecuted for shaving a few years off her age in her profile.</span></p>
<p class="MsoNormal"><span>We hope the Oregon Supreme Court recognizes the dangers of such an expansive interpretation of the state's computer crime statute, and grants</span><span> Nascimento’s petition for review. </span><span></span></p>
<p class="MsoNormal"><span>Special thanks to our local counsel, <a href="http://civilrightspdx.com/index.php?attorney=6"><span><span>J. Ashlee <span>Albies</span></span></span></a></span><span><span> of </span></span><span><span>Creighton &amp; Rose, PC in Portland, Oregon.</span></span><span><br /></span><span></span></p>
</div></div></div><div class="field field-name-field-files field-type-file field-label-above"><div class="field-label">Files:&nbsp;</div><div class="field-items"><div class="field-item even"><span class="file"><img class="file-icon" alt="" title="application/pdf" src="/modules/file/icons/application-pdf.png" /> <a href="https://www.eff.org/files/2015/05/13/nascimento_final_eff_amicus_brief_0.pdf" type="application/pdf; length=278025" title="nascimento_final_eff_amicus_brief.pdf">EFF Nascimento Amicus Brief</a></span></div></div></div><div class="field field-name-field-issue field-type-taxonomy-term-reference field-label-above"><div class="field-label">Related Issues:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/issues/cfaa">Computer Fraud And Abuse Act Reform</a></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/cases/oregon-v-nascimento">Oregon v. Nascimento</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/home?status=EFF+Urges+Oregon+Supreme+Court+To+Review+Troubling+Computer+Crime+Decision++https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F05%2Feff-urges-oregon-supreme-court-review-troubling-computer-crime-decision" target="_blank"><img src="/sites/all/themes/frontier/images/share/twitter16.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?u=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F05%2Feff-urges-oregon-supreme-court-review-troubling-computer-crime-decision&t=EFF+Urges+Oregon+Supreme+Court+To+Review+Troubling+Computer+Crime+Decision+" target="_blank"><img src="/sites/all/themes/frontier/images/share/facebook.gif" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F05%2Feff-urges-oregon-supreme-court-review-troubling-computer-crime-decision" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"><img src="/sites/all/themes/frontier/images/share/gplus-16.png" alt="Share on Google+"/></a> <a href="http://sharetodiaspora.github.com/?title=EFF Urges Oregon Supreme Court To Review Troubling Computer Crime Decision &url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F05%2Feff-urges-oregon-supreme-court-review-troubling-computer-crime-decision" target="_blank"><img src="/sites/all/themes/frontier/images/share/diaspora-16.png" alt="Share on Diaspora" /></a>&nbsp;&nbsp;||&nbsp;&nbsp;<a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Wed, 13 May 2015 19:18:42 +0000Jamie Williams85778 at https://www.eff.orgAaron’s Law Reintroduced: CFAA Didn’t Fix Itselfhttps://www.eff.org/es/deeplinks/2015/04/aarons-law-reintroduced-cfaa-didnt-fix-itself
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Aaron’s law, the proposed law named in honor of Internet hero Aaron Swartz was <a href="http://www.wyden.senate.gov/news/press-releases/wyden-lofgren-paul-introduce-bipartisan-bicameral-aarons-law-to-reform-abused-computer-fraud-and-abuse-act-">reintroduced</a> last week by Rep. Zoe Lofgren (D-Calif.) and Senator Wyden (D-Ore.), with new co-sponsor Senator Rand Paul (R-Ky.). This bill is the same as the one <a href="https://www.eff.org/deeplinks/2013/06/aarons-law-introduced-now-time-reform-cfaa">introduced</a> in 2013 and we call upon Congress to move it forward.</p>
<p>The CFAA is one of the laws that is misused by prosecutors, piling on potential jail time to relatively minor charges in order to ratchet up pressure on defendants and get them to plead guilty rather than risk trial. In the time since Aaron's tragic death, EFF has <a href="https://www.eff.org/password-sharing-is-not-a-crime">continued</a> <a href="https://www.eff.org/deeplinks/2015/03/violating-employers-computer-use-restriction-not-federal-crime">to see</a> misuses of the CFAA in prosecutions across the country. While this bill wouldn’t fix everything that is wrong with the law, it would ensure that people won't face criminal liability for violating a terms of service agreement or other solely contractual agreements. It would also rein in some of the potential for prosecutorial discretion by limiting penalties and stop some of the game playing with duplicate charges that we continue to see. More specifics on our website, along with links to EFF’s ongoing work in the courts can be found on our <a href="//www.eff.org/issues/cfaa"> CFAA Issue</a> page.</p>
<p>We’re pleased to see Senator Paul on the list of sponsors, along with Reps. Jim Sensenbrenner (R-Wis.), Mike Doyle (D-Pa.), Dan Lipinski (D-Ill.) and Jared Polis (D-Colo.). With increasing concerns raised about overcriminalization and overreaching by the police and prosecutors across the country, fixing the CFAA should be on any list for criminal justice reform.</p>
<p>And equally important, it appears that we may need to stop Congress from making the law worse. Recently Senators Kirk (R-Ill.) and Gillibrand (D-NY) announced the <a href="https://www.gillibrand.senate.gov/newsroom/press/release/as-data-breaches-in-new-york-triple-gillibrand-announces-bipartisan-cyber-security-measures-to-better-prepare-businesses-and-protect-consumers-against-from-attacks"><em>Data Breach Notification and Punishing Cyber Criminals Act,</em></a><em> </em>in which they threatened to increase the already out-of-proportion penalties for "obtaining information from a protected computer without authorization," the key phrase in the CFAA. Dressed up as an answer to data breaches, this proposal is yet another way to avoid addressing the real issues with data breaches: the lack of strong incentives for industry to keep our data safe and the FBI's concerted efforts to reduce the security we could all enjoy through the use of strong encryption.</p>
<p>We hope Congress moves Aaron's law forward.</p>
</div></div></div><div class="field field-name-field-issue field-type-taxonomy-term-reference field-label-above"><div class="field-label">Related Issues:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/issues/cfaa">Computer Fraud And Abuse Act Reform</a></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/cases/united-states-v-gilberto-valle">United States v. Gilberto Valle</a></div><div class="field-item odd"><a href="/es/cases/u-s-v-nosal">United States v. David Nosal</a></div><div class="field-item even"><a href="/es/cases/us-v-auernheimer">United States v. Andrew Auernheimer</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/home?status=Aaron%E2%80%99s+Law+Reintroduced%3A+CFAA+Didn%E2%80%99t+Fix+Itself+https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F04%2Faarons-law-reintroduced-cfaa-didnt-fix-itself" target="_blank"><img src="/sites/all/themes/frontier/images/share/twitter16.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?u=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F04%2Faarons-law-reintroduced-cfaa-didnt-fix-itself&t=Aaron%E2%80%99s+Law+Reintroduced%3A+CFAA+Didn%E2%80%99t+Fix+Itself" target="_blank"><img src="/sites/all/themes/frontier/images/share/facebook.gif" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F04%2Faarons-law-reintroduced-cfaa-didnt-fix-itself" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"><img src="/sites/all/themes/frontier/images/share/gplus-16.png" alt="Share on Google+"/></a> <a href="http://sharetodiaspora.github.com/?title=Aaron%E2%80%99s Law Reintroduced%3A CFAA Didn%E2%80%99t Fix Itself&url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F04%2Faarons-law-reintroduced-cfaa-didnt-fix-itself" target="_blank"><img src="/sites/all/themes/frontier/images/share/diaspora-16.png" alt="Share on Diaspora" /></a>&nbsp;&nbsp;||&nbsp;&nbsp;<a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Wed, 29 Apr 2015 17:52:08 +0000Cindy Cohn85608 at https://www.eff.orgIs This Justice? Charging an Eighth Grader with a Felony for “Hacking”https://www.eff.org/es/deeplinks/2015/04/justice-charging-eight-grader-felony-hacking
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal">A 14-year-old eighth grader in Florida, Domanik Green, has been <a href="http://www.tampabay.com/news/publicsafety/crime/middle-school-student-charged-with-cyber-crime-in-holiday/2224827">charged</a> with a felony for “hacking” his teacher’s computer. The “hacking” in this instance was using a widely known password to change the desktop background of his teacher’s computer with an image of two men kissing. The outrage of being charged with a felony for what essentially amounts to a misguided prank should be familiar to those who follow how computer crimes are handled by our justice system.</p>
<p class="MsoNormal">Usually, when it comes to bad laws related to computer hacking, or unauthorized access, the focus is the federal <a href="https://www.eff.org/issues/cfaa">Computer Fraud and Abuse Act (CFAA)</a>. However, this instance highlights that <a href="http://www.ncsl.org/research/telecommunications-and-information-technology/computer-hacking-and-unauthorized-access-laws.aspx">many states have their own version</a> of the federal statute, with their own overbroad and insensible language, <a href="http://www.leg.state.fl.us/statutes/index.cfm?App_mode=Display_Statute&amp;URL=0800-0899/0815/0815.html">including Florida</a>.</p>
<p class="MsoNormal">In fact, the Florida statute is even harsher than the CFAA. A lowest level offense under CFAA (1030(c)(2)(A)) is a misdemeanor, but in Florida, the lowest level offense (815.06(2)(A)) is a felony. Furthermore, the Florida statute also neglects to define what “authorized” or “unauthorized” means, and under these facts a reasonable person may think they are authorized if the passwords had been widely used by students. <span></span></p>
<p class="MsoNormal"><span>In explaining why felony charges were brought against the teenager, Pasco County Sheriff Chris Nocco stated:</span></p>
<blockquote><p class="MsoNormal"><span>Even though some might say this is just a teenage prank, who knows what this teenager might have done...</span></p>
</blockquote>
<p class="MsoNormal"><span>The teacher’s computer reportedly had sensitive encrypted information related to the Florida Comprehensive Assessment Test (FCAT). However, the school and the sheriff have admitted that they found no evidence that the student tampered with or </span><a href="http://www.wtsp.com/story/news/local/2015/04/09/pasco-teen-hacker/25532553/"><span>even intended</span></a><span> to tamper with those files. Additionally, it has been </span><a href="http://arstechnica.com/security/2015/04/eighth-grader-charged-with-felony-for-shoulder-surfing-teachers-password/"><span>reported</span></a><span> that the school had terrible operational security where weak passwords, teachers entering passwords in front of students, and students regularly using teacher credentials, were prevalent. This further highlights the complications of using a statute to prosecute crimes that does not clearly define what it aims to criminalize. </span></p>
<p class="MsoNormal"><span>Undeterred, the Sheriff goes on to say:</span></p>
<blockquote><p class="MsoNormal"><span>If information comes back to us and we get evidence (that other kids have done it), they're going to face the same consequences…</span></p>
</blockquote>
<p class="MsoNormal"><span>The arbitrary practice of how computer crime laws are applied is not just an exclusive feature of federal prosecutorial discretion, but local law enforcement also engages in such behavior. The idea of giving prosecutors and police discretion on charging decisions is generally seen as a good thing, but the plight of Domanik Green shows otherwise. The aggressive use of discretion here could have long-lasting consequences for a 14-year old child who will deal with the </span><a href="http://www.sun-sentinel.com/news/florida/sfl-felon-voting-rights-20150121-htmlstory.html"><span>consequences</span></a><span> of a felony­­—difficult job prospects, loss of voting rights, inability to carry a firearm, etc.—for a juvenile prank.</span></p>
<p><span>Charging decisions and punishment should be proportional to the harm a person causes. The only thing that “making an example” out of Domanik Green accomplishes is to make an example of how out of whack our computer crime laws—and the prosecutorial discretion that accompanies it—are. We call on Pasco County to do the sensible thing and not ruin Domanik Green’s life. This is not justice.</span></p>
</div></div></div><div class="field field-name-field-issue field-type-taxonomy-term-reference field-label-above"><div class="field-label">Related Issues:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/issues/cfaa">Computer Fraud And Abuse Act Reform</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/home?status=Is+This+Justice%3F+Charging+an+Eighth+Grader+with+a+Felony+for+%E2%80%9CHacking%E2%80%9D+https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F04%2Fjustice-charging-eight-grader-felony-hacking" target="_blank"><img src="/sites/all/themes/frontier/images/share/twitter16.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?u=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F04%2Fjustice-charging-eight-grader-felony-hacking&t=Is+This+Justice%3F+Charging+an+Eighth+Grader+with+a+Felony+for+%E2%80%9CHacking%E2%80%9D" target="_blank"><img src="/sites/all/themes/frontier/images/share/facebook.gif" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F04%2Fjustice-charging-eight-grader-felony-hacking" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"><img src="/sites/all/themes/frontier/images/share/gplus-16.png" alt="Share on Google+"/></a> <a href="http://sharetodiaspora.github.com/?title=Is This Justice%3F Charging an Eighth Grader with a Felony for %E2%80%9CHacking%E2%80%9D&url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F04%2Fjustice-charging-eight-grader-felony-hacking" target="_blank"><img src="/sites/all/themes/frontier/images/share/diaspora-16.png" alt="Share on Diaspora" /></a>&nbsp;&nbsp;||&nbsp;&nbsp;<a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Fri, 17 Apr 2015 18:24:30 +0000Amul Kalia85489 at https://www.eff.orgViolating an Employer’s Computer Use Restriction Is Not a Federal Crimehttps://www.eff.org/es/deeplinks/2015/03/violating-employers-computer-use-restriction-not-federal-crime
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal"><span data-mce-mark="1">Ugly facts often make bad law. But it's important to not let opinions about the specific defendants that appear in court influence how the law will be applied to millions of other individuals. That’s why today, EFF filed an <a href="https://www.eff.org/document/eff-cdt-nacdl-scholars-cfaa-valle-amicus-brief"><span data-mce-mark="1"><span data-mce-mark="1">amicus</span> brief</span></a> urging the Second Circuit Court of Appeals to overturn a dangerous <a href="https://www.eff.org/document/district-court-valle-opinion">decision</a> that would make employees criminally liable under the </span><a href="https://www.eff.org/issues/cfaa"><span data-mce-mark="1"><span data-mce-mark="1">Computer Fraud and Abuse Act (“<span data-mce-mark="1">CFAA</span>”)</span></span></a><span data-mce-mark="1"> for violating an employer’s computer use restriction.</span></p>
<p class="MsoNormal"><span data-mce-mark="1"></span><span data-mce-mark="1">The case, <a href="https://www.eff.org/cases/united-states-v-gilberto-valle"><i><span data-mce-mark="1">United States v. Gilberto <span data-mce-mark="1">Valle</span></span></i></a>, has already received a lot of attention in the press, as it involves the so-called “</span><a href="http://nymag.com/news/features/cannibal-cop-2014-1/index1.html"><span data-mce-mark="1">cannibal cop</span></a><span data-mce-mark="1"><span data-mce-mark="1">,” a New York City police officer who was charged with conspiracy to kidnap as a result of his participation in chat rooms on fantasy role-playing fetish websites involving cannibalism. Given the unfortunate facts and sensational headlines, many people did not realize that <span data-mce-mark="1">Valle</span> was also charged with violating the <span data-mce-mark="1">CFAA</span> for accessing a police database to look up information about people without a valid law enforcement purpose, in violation of <span data-mce-mark="1">NYPD</span> policy. The jury convicted <span data-mce-mark="1">Valle</span> on all counts, but the trial court </span></span><a href="http://www.nytimes.com/2014/07/02/nyregion/officer-gilberto-valle-freed-after-conviction-overturned-in-cannibal-case.html"><span data-mce-mark="1">reversed the jury's conspiracy verdict</span></a><span data-mce-mark="1"><span data-mce-mark="1">, stating that “the nearly yearlong kidnapping conspiracy alleged by the government is one in which no one was ever kidnapped, no attempted kidnapping ever took place, and no real-world, non-Internet-based steps were ever taken to kidnap anyone.” It ultimately believed that finding <span data-mce-mark="1">Valle</span> guilty of conspiracy would make him guilty of </span></span><a href="http://en.wikipedia.org/wiki/Thoughtcrime"><span data-mce-mark="1"><span data-mce-mark="1"><span data-mce-mark="1">thoughtcrime</span></span></span></a><span data-mce-mark="1"> (and we’ll have more to say about that soon).</span></p>
<p class="MsoNormal"><span data-mce-mark="1"></span><span data-mce-mark="1"><span data-mce-mark="1">Despite acquitting <span data-mce-mark="1">Valle</span> on the conspiracy charge, the court upheld the <span data-mce-mark="1">CFAA</span> conviction, believing that the restrictions placed on <span data-mce-mark="1">Valle</span> concerning the database—which permitted him to access any part of the database as long as it was for a valid law enforcement purpose—was an access restriction, not a use restriction, simply because of the way the restriction was phrased. The distinction between "access" and "use" restrictions is critical because serious prison time is at stake. Congress clearly intended the <span data-mce-mark="1">CFAA</span> to criminalize the act of breaking into computer systems a person is not allowed to be in otherwise, but violating a use restriction</span></span><span data-mce-mark="1">—</span><span data-mce-mark="1">a (usually written) policy that governs the purposes for which someone can use their access</span><span data-mce-mark="1">—</span><span data-mce-mark="1">is clearly not that.</span></p>
<p class="MsoNormal"><span></span><span>Now with </span><span><span><span>Valle</span><span>'s case before the Second Circuit, we filed an </span></span><a href="https://www.eff.org/document/eff-cdt-nacdl-scholars-cfaa-valle-amicus-brief"><span><span><span><span>amicus</span></span></span> brief</span></a>, joined by the <a href="https://cdt.org/">Center for Democracy &amp; Technology</a>, <a href="http://www.nacdl.org/">National Association of Criminal Defense Lawyers</a><span> and a number of Internet scholars and professors, arguing that <span>Valle</span> did not violate the <span><span><span>CFAA</span></span></span>. Our brief explains that </span></span><span><span><span><span>although</span></span> the restriction was phrased in terms of “access”—according to <span><span><span>NYPD</span></span></span> policy, the database could be accessed only “in the course of [an officer’s] official duties and responsibilities”—a computer use restriction is not an access restriction simply because it is phrased as such. True access restrictions are code-based, technological barriers to entry, not a contractual agreement about the purposes for which a person will use their access. Although Valle’s actions may have been valid grounds for discipline or even termination from the <span><span><span>NYPD</span></span></span>, a violation of an employer’s computer use policy is not a <span><span><span>CFAA</span></span></span> violation—even if the employer is a police department. </span></span><span>The district court’s conclusion to the contrary is at odds with many other court decisions that have found that violating a computer use restriction is <i>not</i><span> a <span><span><span>CFAA</span></span></span> violation, including the Ninth Circuit Court of Appeals’ decision in </span></span><a href="https://www.eff.org/cases/u-s-v-nosal"><i><span><span>United States v. <span><span><span>Nosal</span></span></span></span></span></i></a><span><span>, another <span><span><span>CFAA</span></span></span> case where we’ve filed </span><a href="https://www.eff.org/node/58053">multiple</a> <a href="https://www.eff.org/node/58512"><span><span><span><span>amicus</span></span></span></span></a> <a href="https://www.eff.org/document/eff-amicus-brief-2014">briefs</a>.</span></p>
<p class="MsoNormal"><span data-mce-mark="1"></span><span data-mce-mark="1">Most critically, the court set a dangerous precedent. As we’ve <a href="https://www.eff.org/deeplinks/2013/04/until-today-if-you-were-17-it-could-have-been-illegal-read-seventeencom-under-cfaa">repeatedly</a> <a href="https://www.eff.org/deeplinks/2011/05/do-over-please-eff-asks-court-revisit-ruling-disloyal-employees">warned</a><span data-mce-mark="1">, this theory of <span data-mce-mark="1">CFAA</span> liability gives employers and website owners the power to make behavior illegal through simply adopting use restrictions in their corporate policies or terms of use, which in turn criminalizes a broad range of innocuous everyday behaviors—like checking personal email or the score of a baseball game. We hope the Second Circuit will look past the ugly facts surrounding Valle’s specific case and recognize that the district court’s error impacts millions of employees and Internet users. </span></span><span data-mce-mark="1">The Second Circuit should hear oral argument in the case sometime this summer.</span></p>
</div></div></div><div class="field field-name-field-issue field-type-taxonomy-term-reference field-label-above"><div class="field-label">Related Issues:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/issues/cfaa">Computer Fraud And Abuse Act Reform</a></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/cases/united-states-v-gilberto-valle">United States v. Gilberto Valle</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/home?status=Violating+an+Employer%E2%80%99s+Computer+Use+Restriction+Is+Not+a+Federal+Crime+https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F03%2Fviolating-employers-computer-use-restriction-not-federal-crime" target="_blank"><img src="/sites/all/themes/frontier/images/share/twitter16.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?u=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F03%2Fviolating-employers-computer-use-restriction-not-federal-crime&t=Violating+an+Employer%E2%80%99s+Computer+Use+Restriction+Is+Not+a+Federal+Crime" target="_blank"><img src="/sites/all/themes/frontier/images/share/facebook.gif" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F03%2Fviolating-employers-computer-use-restriction-not-federal-crime" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"><img src="/sites/all/themes/frontier/images/share/gplus-16.png" alt="Share on Google+"/></a> <a href="http://sharetodiaspora.github.com/?title=Violating an Employer%E2%80%99s Computer Use Restriction Is Not a Federal Crime&url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F03%2Fviolating-employers-computer-use-restriction-not-federal-crime" target="_blank"><img src="/sites/all/themes/frontier/images/share/diaspora-16.png" alt="Share on Diaspora" /></a>&nbsp;&nbsp;||&nbsp;&nbsp;<a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 09 Mar 2015 21:02:22 +0000Hanni Fakhoury and Jamie Williams84942 at https://www.eff.orgObama's Computer Security Solution is a Mishmash of Old, Outdated Policy Solutionshttps://www.eff.org/es/deeplinks/2015/01/obamas-computer-security-solution-mish-mash-old-outdated-policy-solutions
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>The Obama Administration is on a roll with <a href="http://www.whitehouse.gov/omb/legislative_letters">proposing legislation</a> that endangers our privacy and security. Over the course of two days, President Obama proposed a cybersecurity bill that looks awfully similar to the now infamous <a href="https://www.eff.org/cybersecurity-bill-faq">CISPA</a> (with respect to information sharing), a computer crime bill that is the opposite of our own <a href="https://www.eff.org/issues/cfaa">proposed</a> computer crime reform, and a data breach law weaker than the current status quo. All three of the bills are recycled ideas that have failed in Congress since their introduction in 2011. They should stay on the shelf.</p>
<p><b>Zombie Bill Dead in 2013, Stumbles from the Grave in 2015</b></p>
<p>Every year for <a href="https://www.govtrack.us/congress/bills/112/s2105/text">the</a> <a href="https://www.govtrack.us/congress/bills/111/s773">past</a> <a href="https://www.govtrack.us/congress/bills/113/s1353">four</a> <a href="https://beta.congress.gov/bill/113th-congress/house-bill/624">years</a> we've seen at least one cybersecurity "information sharing" bill introduced in Congress. Unfortunately, those bills were deeply flawed: they were redundant, offered <a href="https://www.eff.org/cybersecurity-bill-faq#triggers">new authorities</a> that could be abused by companies to spy on users, and offered <a href="https://www.eff.org/deeplinks/2013/03/consequences-cispas-broad-legal-immunity">broad legal immunity</a> for disclosing the information obtained with the government. Sometimes they even granted companies the ability to "<a href="https://www.eff.org/deeplinks/2012/04/cispa-national-security-and-nsa-ability-read-your-emails">hack back</a>." They were a perfect storm threatening our online privacy.</p>
<p>This time, it's not the House Intelligence Committee proposing the bill, but President Obama. And to the president’s credit, this bill doesn’t authorize or immunize any new monitoring or collection activity. But the administration's bill is still similar to CISPA as it grants broad legal immunity for transmitting "cyber threat indicators"—which could include your communications—to the Department of Homeland Security (DHS) and private sector information sharing hubs called information sharing and analysis organizations.</p>
<p>The president's <a href="http://www.whitehouse.gov/the-press-office/2011/05/12/fact-sheet-cybersecurity-legislative-proposal">press release</a> is noticeably silent on why the <a href="https://www.eff.org/deeplinks/2015/01/congress-should-say-no-cybersecurity-information-sharing-bills">current information sharing regimes</a> aren't adequate. Companies can already share information through <a href="http://www.isaccouncil.org/aboutus.html">Information Sharing and Analysis Centers</a> (ISACs), public reports, private communications, and the DHS's <a href="http://www.dhs.gov/publication/enhanced-cybersecurity-services-documents">Enhanced Cybersecurity Services</a>. The bill is also peculiar since President Obama previously <a href="http://www.presidency.ucsb.edu/ws/index.php?pid=103510">issued a veto threat</a> against CISPA due to privacy concerns.</p>
<p>The proposal also mandates the Director of National Intelligence, Attorney General, and DHS to create privacy guidelines for collecting and sharing cyber threat indicators; however, we're skeptical the guidelines will provide any semblance of privacy, because even if they’re well crafted, there’s no way to know whether the guidelines are being followed or enforced. Also, these are the same offices that were supposed to create "privacy protections" (aka minimization procedures) in the <a href="https://www.eff.org/foia/section-215-usa-patriot-act">surveillance</a> <a href="https://www.eff.org/document/702-one-pager-adv">context</a>. The result? Guidelines that are <a href="https://www.eff.org/deeplinks/2013/06/recently-revealed-nsa-procedures-likely-ones-found-unconstitutional-fisa-court">littered with</a> <a href="https://www.eff.org/deeplinks/2013/06/depth-review-new-nsa-documents-expose-how-americans-can-be-spied-without-warrant">loopholes</a> to keep the very information the agencies aren't supposed to have: innocent users' personal information.</p>
<p><b>When The DOJ Says "Modernizing" They May Mean "We Can Charge a 10 Years Felony for Sharing Your HBO GO Password" </b></p>
<p>The Obama Administration also proposed to "modernize" the <a href="https://www.eff.org/issues/cfaa">Computer Fraud and Abuse Act</a> (CFAA), the law notoriously used in the aggressive prosecution of the late <a href="https://www.eff.org/deeplinks/2013/01/farewell-aaron-swartz">Aaron Swartz</a>. The Administration's proposal introduces ideas from May 2011 that—similar to information sharing bills—have been <a href="https://www.eff.org/deeplinks/2013/04/huffington-post-credits-internet-activists-major-victory-stopping-bad-cfaa-bill">defeated</a> year in and year out. It's shocking in light of the Aaron Swartz prosecution that the Administration is proposing to double, and in one case triple, the already <a href="https://www.eff.org/deeplinks/2013/04/cfaas-excessive-criminalization">draconian</a> and <a href="https://www.eff.org/deeplinks/2013/04/cfaas-excessive-criminalization">redundant</a> penalties under the CFAA.</p>
<p>Under the Administration's proposal, the Department of Justice could get creative and threaten up to 10 years in prison if you know your friend will use one of your passwords you shared with them—even if you have no “intent to defraud,” important limiting language the Administration wants removed from the statute.</p>
<p>What might be worse is that the Administration expands one of the bill's central definitions—"exceeds authorized access"—to include any access that the person may know the computer owner hasn't authorized. This radically changes the CFAA and makes it even more dangerous. This is contrary to rulings in both the Ninth and Fourth Circuits, which recognized that terms of service should not be enforced criminally.</p>
<p>Both provisions may chill the computer security research that is a central part of our best defense against computer crime. First, the password clause expands the provision from criminalizing sharing passwords to sharing other “means of access,” while “having reason to know” it might be misused. Second, the expansion of the definition may impact researchers who commonly scan public websites to detect potential vulnerabilities. These researchers should not have to face a felony charge if a prosecutor thinks they should have known the site prohibited scanning. It a cause for concern as recent history has shown that aggressive prosecutors are willing to stretch the CFAA language. Vulnerability research and disclosure will be chilled, even if the researcher would ultimately win the trial.</p>
<p>The proposal is in direct contradiction to EFF's own proposal to <a href="https://www.eff.org/deeplinks/2013/01/these-are-critical-fixes-computer-fraud-and-abuse-act">reform the CFAA</a>. Our reform <a href="https://www.eff.org/deeplinks/2013/01/rebooting-computer-crime-law-part-1-no-prison-time-for-violating-terms-of-service">ensures</a> violations of contractual obligations like a website's terms of service are not the basis for criminal charges, <a href="https://www.eff.org/deeplinks/2013/01/rebooting-computer-crime-law-part-1-no-prison-time-for-violating-terms-of-service">clarifies</a> key definitions in the CFAA, and <a href="https://www.eff.org/deeplinks/2013/02/rebooting-computer-crime-part-3-punishment-should-fit-crime">makes</a> the criminal penalties proportionate to the offense.</p>
<p><b>The Administration's Data Breach Proposal<br /></b></p>
<p>President Obama also touched on data breaches. Consumers have a right to know when their data is exposed, whether through corporate misconduct, malicious hackers, or under other circumstances. But most states already have breach notification laws, so we think any legislation must be as strong as existing law and must preserve a state’s power to protect its own residents. President Obama's legislation fails on both accounts.</p>
<p>The legislation proposed by President Obama would force companies handling 10,000 or more customers' information (during a 12-month period) to disclose data breaches within 30 days. Companies are allowed a few exceptions to the disclosure, but will be overseen by the Federal Trade Commission to ensure they comply. In an attempt to normalize across the land, the law would trump all state data breach laws—including stronger ones—and allow the government to stop any action brought by a state attorney general.</p>
<p>Under California law, for example, businesses must provide notice of a breach “in the most expedient time possible and without unreasonable delay,” unless law enforcement determines that notification will impede a criminal investigation. Companies must also notify the California Attorney General if over 500 users' unencrypted information is breached.</p>
<p>The Administration’s proposed standard is weak. Ideally, it would have proposed a “floor,” not a “ceiling,” allowing states like California to be more privacy protective and not depriving state attorneys general from being able to take meaningful action.</p>
<p><b>Recycled Ideas</b></p>
<p>As we mentioned in our <a href="https://www.eff.org/deeplinks/2015/01/eff-statement-president-obamas-cybersecurity-legislative-proposal">initial reaction</a> to the Administration's proposal, many of these ideas are recycled relics that should remain in the past. Before tackling information sharing bills, companies need to address the low-hanging security fruit like making sure passwords aren't sent in unencrypted emails and employees don't download malware. We also need more participation in the <a href="http://www.isaccouncil.org/aboutus.html">already existing</a> <a href="http://www.dhs.gov/publication/enhanced-cybersecurity-services-documents">information sharing regimes</a>. When it comes to the CFAA, the administration has moved in the opposite direction as advocates. Prosecutions like the <a href="https://www.eff.org/issues/cfaa">Aaron Swartz</a> and <a href="https://www.eff.org/cases/us-v-auernheimer">Andrew Auernheimer</a> case provide evidence for clarifying unauthorized access (and not expanding it) and decreasing the already draconian penalties (and not increasing them).</p>
<p>There is more work to be done to protect cyberspace and enhance computer security, but the Administration's proposals do not move us towards that goal, and could cause great harm, too.</p>
</div></div></div><div class="field field-name-field-issue field-type-taxonomy-term-reference field-label-above"><div class="field-label">Related Issues:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/issues/mass-surveillance-technologies">Mass Surveillance Technologies</a></div><div class="field-item odd"><a href="/es/issues/privacy">Privacy</a></div><div class="field-item even"><a href="/es/issues/cyber-security-legislation">Cyber Security Legislation</a></div><div class="field-item odd"><a href="/es/issues/cfaa">Computer Fraud And Abuse Act Reform</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/home?status=Obama%27s+Computer+Security+Solution+is+a+Mishmash+of+Old%2C+Outdated+Policy+Solutions+https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F01%2Fobamas-computer-security-solution-mish-mash-old-outdated-policy-solutions" target="_blank"><img src="/sites/all/themes/frontier/images/share/twitter16.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?u=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F01%2Fobamas-computer-security-solution-mish-mash-old-outdated-policy-solutions&t=Obama%27s+Computer+Security+Solution+is+a+Mishmash+of+Old%2C+Outdated+Policy+Solutions" target="_blank"><img src="/sites/all/themes/frontier/images/share/facebook.gif" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F01%2Fobamas-computer-security-solution-mish-mash-old-outdated-policy-solutions" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"><img src="/sites/all/themes/frontier/images/share/gplus-16.png" alt="Share on Google+"/></a> <a href="http://sharetodiaspora.github.com/?title=Obama%27s Computer Security Solution is a Mishmash of Old%2C Outdated Policy Solutions&url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F01%2Fobamas-computer-security-solution-mish-mash-old-outdated-policy-solutions" target="_blank"><img src="/sites/all/themes/frontier/images/share/diaspora-16.png" alt="Share on Diaspora" /></a>&nbsp;&nbsp;||&nbsp;&nbsp;<a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Fri, 16 Jan 2015 17:36:19 +0000Mark Jaycox and Lee Tien83898 at https://www.eff.orgEFF Statement on President Obama's Cybersecurity Legislative Proposalhttps://www.eff.org/es/deeplinks/2015/01/eff-statement-president-obamas-cybersecurity-legislative-proposal
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>More needs to be done to protect cyberspace and enhance computer security. But President Obama's cybersecurity legislative proposal recycles old ideas that should remain where they've been since May 2011: on the shelf. Introducing information sharing proposals with broad liability protections, increasing penalties under the already draconian Computer Fraud and Abuse Act, and potentially decreasing the protections granted to consumers under state data breach law are both unnecessary and unwelcome.</p>
<p><strong>Information Sharing</strong></p>
<p>The status quo of overweening national security and law enforcement secrecy means that expanded information sharing poses a serious risk of transferring more personal information to intelligence and law enforcement agencies. Given that the White House rightly criticized CISPA in 2013 for potentially facilitating the unnecessary transfer of personal information to the government or other private sector entities when sending cybersecurity threat data, we’re concerned that the Administration proposal will unintentionally legitimize the approach taken by these dangerous bills. </p>
<p>Instead of proposing unnecessary computer security information sharing bills, we should tackle the low-hanging fruit. This includes strengthening the current information sharing hubs and encouraging companies to use them immediately after discovering a threat. As we've <a href="https://www.eff.org/deeplinks/2015/01/congress-should-say-no-cybersecurity-information-sharing-bills">previously noted</a>, much information is being shared through <a href="http://www.isaccouncil.org/aboutus.html">Information Sharing and Analysis Centers</a> (ISACs), public reports, private communications, and the DHS's <a href="http://www.dhs.gov/publication/enhanced-cybersecurity-services-documents">Enhanced Cybersecurity Services</a>. All of these institutions represent robust information sharing hubs that are underutilized and underresourced. It also includes persistent education of end users since it's well known that many security breaches are <a href="http://www.emc.com/emc-plus/rsa-thought-leadership/online-fraud/index.htm">due</a> to employees downloading malware. Yet another key solution is to follow basic security precautions. <i>The New York Times</i> <a href="https://www.eff.org/deeplinks/2015/01/%3Fref=technology">reported</a> the JP Morgan hack occurred due to an un-updated server.</p>
<p><strong>Increased Criminalization</strong></p>
<p>The administration's proposals to increase penalties in the Computer Fraud and Abuse Act are equally troubling. We agree with the President: "Law enforcement must have appropriate tools to investigate, disrupt and prosecute cyber crime;" however, the past two years of surveillance disclosures has shown law enforcement certainly doesn’t need more legal authorities to conduct digital surveillance or prosecute criminals. As former White House Chief Counselor for Privacy <a href="http://www.peterswire.net/psresumebio.htm">Peter Swire</a> said in 2011, "<a href="https://www.cdt.org/blogs/2811going-dark-versus-golden-age-surveillance">today [is] a golden age for surveillance</a>. And when it comes to increased criminalization, we've often noted the already <a href="https://www.eff.org/deeplinks/2013/04/cfaas-excessive-criminalization">excessive—and redundant—</a>penalties for crimes performed with computers.</p>
<p><strong>Federal Data Breach Law</strong></p>
<p>The President's legislative proposal also follows up on yesterday's announcement to pursue a federal data breach law. Consumers have a right to know when their data is exposed, whether through corporate misconduct, malicious hackers, or under other circumstances. Over 38 states already have some form of breach notification law—so the vast majority of Americans already get some protection on this score. While the President has not yet released detailed legislative language, the Administration's <a href="http://www.whitehouse.gov/the-press-office/2011/05/12/fact-sheet-cybersecurity-legislative-proposal">May 2011 Cybersecurity legislative proposal</a> would preempt state notification laws, removing the strong California standard and replacing it with a weaker standard. Any such proposal should not become a backdoor for weakening transparency or state power, including the power of state attorneys general and other non-federal authorities to enforce breach notification laws. </p>
<p>Many of these proposals are old ideas from the administration's May 2011 Cybersecurity legislative proposal and should be viewed skeptically. While the Administration information sharing proposal may have better privacy protections than dangerously drafted bills like <a href="https://www.eff.org/cybersecurity-bill-faq">CISPA</a>, we think the initial case for expanding information sharing requires much less secrecy about how intelligence and law enforcement agencies collect and use data on our networks. And instead of increasing penalties under the Computer Fraud and Abuse Act, we've long <a href="https://www.eff.org/issues/cfaa">advocated</a> common sense reform to decrease them.</p>
<p>As with any legislation, the devil is in the details, and we'll continue to monitor the situation.</p>
</div></div></div><div class="field field-name-field-issue field-type-taxonomy-term-reference field-label-above"><div class="field-label">Related Issues:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/issues/cyber-security-legislation">Cyber Security Legislation</a></div><div class="field-item odd"><a href="/es/issues/security">Security</a></div><div class="field-item even"><a href="/es/issues/cfaa">Computer Fraud And Abuse Act Reform</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/home?status=EFF+Statement+on+President+Obama%27s+Cybersecurity+Legislative+Proposal+https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F01%2Feff-statement-president-obamas-cybersecurity-legislative-proposal" target="_blank"><img src="/sites/all/themes/frontier/images/share/twitter16.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?u=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F01%2Feff-statement-president-obamas-cybersecurity-legislative-proposal&t=EFF+Statement+on+President+Obama%27s+Cybersecurity+Legislative+Proposal" target="_blank"><img src="/sites/all/themes/frontier/images/share/facebook.gif" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F01%2Feff-statement-president-obamas-cybersecurity-legislative-proposal" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"><img src="/sites/all/themes/frontier/images/share/gplus-16.png" alt="Share on Google+"/></a> <a href="http://sharetodiaspora.github.com/?title=EFF Statement on President Obama%27s Cybersecurity Legislative Proposal&url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2015%2F01%2Feff-statement-president-obamas-cybersecurity-legislative-proposal" target="_blank"><img src="/sites/all/themes/frontier/images/share/diaspora-16.png" alt="Share on Diaspora" /></a>&nbsp;&nbsp;||&nbsp;&nbsp;<a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 13 Jan 2015 16:18:23 +0000Mark Jaycox and Lee Tien83852 at https://www.eff.orgPassword Sharing Isn’t a Crime, EFF Tells Ninth Circuithttps://www.eff.org/es/password-sharing-is-not-a-crime
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal">How many times have you logged into a computer or website with someone else’s name and password—maybe to retrieve information for a spouse or a friend—completely with their permission?<span> </span>Can you imagine spending a year in prison for that? It sounds ridiculous. That’s why EFF filed a “friend of the court” <a href="https://www.eff.org/document/eff-amicus-brief-2014">brief</a> in <a href="https://www.eff.org/cases/u-s-v-nosal"><i>United States v. Nosal</i></a> this week urging the Ninth Circuit to overturn a troubling conviction under the <a href="http://www.law.cornell.edu/uscode/text/18/1030">Computer Fraud and Abuse Act</a> (CFAA).</p>
<p class="MsoNormal">David Nosal worked for Korn/Ferry, an executive recruiting company. Korn/Ferry had a proprietary database of information that, under corporate policy, employees could only use for official Korn/Ferry business. After Nosal left to start his own recruiting company, the government claimed he violated the CFAA when he allegedly convinced other ex-employees of Korn/Ferry to access the database by using a current Korn/Ferry employee’s access credentials, with that employee’s knowledge and permission. The district court refused to dismiss the charges, ruling that the act of using someone else’s computer login credentials, even with their knowledge and permission, is a federal crime. Nosal was convicted by a jury, sentenced to one year in prison, and ordered to pay a $60,000 fine and nearly $830,000 to Korn/Ferry in restitution.</p>
<p class="MsoNormal">Nosal appealed his conviction to the Ninth Circuit Court of Appeals, and we’ve filed an <a href="https://www.eff.org/document/eff-amicus-brief-2014">amicus brief</a> in support, explaining why the government’s CFAA theory here is dangerous. First, CFAA prosecutions should be focused on hacking: keeping unwanted and unauthorized people from intruding into computer space. But the district court believed the CFAA did not require the government prove there was any “hacking” or the circumvention of a technological barrier to access. That mistake made it easier for the government to prove its case and keeps the CFAA dangerously broad and vague. Second, using an authorized user’s credentials <i>with their permission</i> is not circumventing a technological access barrier. Instead, when a person uses another individual’s password, they effectively act as the authorized user’s agent. To the extent that the authorized Korn/Ferry user was not allowed to share her password, that is simply a violation of Korn/Ferry’s computer use policy—not a violation of criminal law.</p>
<p class="MsoNormal">If that last part about terms of service sounds familiar, that’s because this is the third amicus brief EFF has filed in this long-running case. We filed two amicus briefs (<a href="https://www.eff.org/node/58053">here</a> and <a href="https://www.eff.org/node/58512">here</a>) in connection with Nosal’s first trip to the Ninth Circuit, which resulted in an <a href="https://www.eff.org/document/ninth-circuit-en-banc-opinion">extremely important 2012 opinion</a>, with the Ninth Circuit, en banc, ruling that disloyal employees who access workplace computers in violation of corporate policy or use restrictions are <u>not</u> violating the CFAA. Crucial to that 2012 decision was the court’s valid fear of expanding the CFAA far beyond the anti-hacking purpose intended by Congress. We should not make criminals out of millions of law-abiding workers for innocent activities like sending a personal e-mail or checking sports scores from a work computer.</p>
<p class="MsoNormal">But in some ways the court is now back where it started. Once again, the Ninth Circuit is confronted with an expansive interpretation of the CFAA that criminalizes common, innocuous behavior, like logging in to a spouse’s Facebook account with their permission. While using someone else’s password <i>without</i> their knowledge and permission is certainly bypassing a technological barrier to access, using login credentials with someone’s permission is not inherently illegal. The government’s theory ultimately turns on the fact that Korn/Ferry prohibits employees from sharing their login credentials with others, but as the Ninth Circuit previously held in this very case, violations of corporate policy cannot be the basis for CFAA liability.</p>
</div></div></div><div class="field field-name-field-issue field-type-taxonomy-term-reference field-label-above"><div class="field-label">Related Issues:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/issues/terms-of-abuse">Terms Of (Ab)Use</a></div><div class="field-item odd"><a href="/es/issues/cfaa">Computer Fraud And Abuse Act Reform</a></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/cases/u-s-v-nosal">United States v. David Nosal</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/home?status=Password+Sharing+Isn%E2%80%99t+a+Crime%2C+EFF+Tells+Ninth+Circuit+https%3A%2F%2Fwww.eff.org%2Fes%2Fpassword-sharing-is-not-a-crime" target="_blank"><img src="/sites/all/themes/frontier/images/share/twitter16.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?u=https%3A%2F%2Fwww.eff.org%2Fes%2Fpassword-sharing-is-not-a-crime&t=Password+Sharing+Isn%E2%80%99t+a+Crime%2C+EFF+Tells+Ninth+Circuit" target="_blank"><img src="/sites/all/themes/frontier/images/share/facebook.gif" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A%2F%2Fwww.eff.org%2Fes%2Fpassword-sharing-is-not-a-crime" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"><img src="/sites/all/themes/frontier/images/share/gplus-16.png" alt="Share on Google+"/></a> <a href="http://sharetodiaspora.github.com/?title=Password Sharing Isn%E2%80%99t a Crime%2C EFF Tells Ninth Circuit&url=https%3A%2F%2Fwww.eff.org%2Fes%2Fpassword-sharing-is-not-a-crime" target="_blank"><img src="/sites/all/themes/frontier/images/share/diaspora-16.png" alt="Share on Diaspora" /></a>&nbsp;&nbsp;||&nbsp;&nbsp;<a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Thu, 11 Dec 2014 13:31:44 +0000Hanni Fakhoury and Jamie Williams83537 at https://www.eff.orgHost a Screening and Discussion About The Internet’s Own Boyhttps://www.eff.org/es/deeplinks/2014/09/host-screening-and-discussion-about-internets-own-boy
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>If you’ve haven’t had a chance to see the incredible documentary <a href="https://www.eff.org/deeplinks/2014/08/aaron-swarts-work-internets-own-boy"><i>The Internet’s Own Boy</i></a>, then go do that as soon as possible. It’s wonderful. And if you have seen it, encourage your friends to watch it too. </p>
<p>One of the best things you can do after seeing the film is organize a screening for your community. To help, we made some tips on how to host a successful viewing party and put together some questions to help guide a thoughtful discussion after the film.</p>
<p>You can <a href="https://www.eff.org/document/internets-own-boy-discussion-guide">download and print</a> the discussion questions below to take with you to the screening. We also have a <a href="https://www.eff.org/document/sample-email-sign-sheet">template email sign-up sheet</a> to help you jumpstart a local mailing list of people in your community who want to <a href="https://eff.org/engage">engage deeper</a> in the movement to defend our digital rights.</p>
<p><b>Organize a Successful Screening</b></p>
<p>Organizing a viewing party for <i>The Internet’s Own Boy</i> boils down to finding a date and a space with the proper projection equipment and doing outreach.</p>
<p>Decide if you’d like to have an open discussion afterwards with everyone, or a more organized event, such as a panel discussion featuring local activists and experts that can delve deeper into the issues discussed in the film. Some ideas for speakers include local professors, librarians, or digital rights activists in your community. Feel free to email <a href="mailto:april@eff.org">april@eff.org</a> if you’d like help finding good speakers in your area.</p>
<p>For whatever you decide, here’s a short checklist of everything you’ll want to make sure to have squared away before promoting the event:</p>
<ul><li><b>Venue</b>: Is it the proper size for the expected crowd?</li>
<li><b>Screening equipment</b>: Is there a projector, the proper cables and a sound system? If needed, are there microphones?</li>
<li><b>Seating</b>: Be sure that there are enough chairs or places for people to lounge.</li>
<li><b>Timing: </b>Find a date and time that will be most likely to accommodate the most people.</li>
</ul><p>Next you’ll want to think about promotion. If it’s a larger, public event, consider submitting a listing to your local weekly paper and getting on their calendar. You may also want to get on the calendar for your community or college radio station. Make flyers, post them around town, and be sure to promote heavily on social media. Event pages on social media sites are often very useful.</p>
<p>There might also be some local mailing lists or community leaders who can share the event with their crew.</p>
<p><b>Materials for Your Screening</b></p>
<p>You’ll most likely want a number of promotional materials, like images and graphics to share online. Printing some physical flyers and posters might also be helpful. The Internet Archive has <a href="https://archive.org/movies/thumbnails.php?identifier=TheInternetsOwnBoyTheStoryOfAaronSwartz">thumbnail images</a> from the film that you can use to create flyers.</p>
<p>Also, don’t forget to have an <a href="https://www.eff.org/document/sample-email-sign-sheet">email sign-up sheet</a>. After the screening, you can use it to start a mailing list to share news and organize future digital rights events and actions.</p>
<p>Many may wish for some informational resources to get a better grasp of the issues discussed in the film. Here’s a list to links of one-pagers you can have on-hand and printed.</p>
<ul><li>The Computer Fraud and Abuse Act (<a href="https://www.eff.org/document/student-activism-fix-cfaa">PDF</a>)</li>
<li>Demand Open Access to Research (<a href="https://www.eff.org/document/student-activism-open-access">PDF)</a></li>
<li>End the NSA’s Illegal Spying (<a href="https://www.eff.org/document/nsa-surveillance-demand-accountability">PDF</a>)</li>
<li>Coders’ Rights Project (<a href="https://www.eff.org/document/coders-rights-project">PDF</a>)</li>
</ul><p><b>Discussion Questions</b></p>
<p><i>The Internet’s Own Boy</i> raises many important questions on topics that may be new to some viewers. Whether you’re watching this in a classroom or in a community setting, these questions can help to guide a discussion after the film. We recommend reading <a href="https://www.eff.org/deeplinks/2014/08/aaron-swarts-work-internets-own-boy">our explanation</a> of some of the issues raised in the film before leading a discussion.</p>
<p><em>Creative Commons:</em></p>
<ul><li>Has anyone in the room used or reused a creative work without knowing the copyright?</li>
<li>What would an Internet without homemade music videos and memes made from screenshots be like? What if everyone always had to ask for permission first?</li>
<li>Does fair use of creative works really make it impossible for the creators of those works to make a living? Who actually makes money off of copyright?</li>
</ul><p><em>Open Access and Open Government:</em></p>
<ul><li>Does anyone have a story to share about trying to access resources that are supposed to be a matter of public record, like court documents?</li>
<li>How are some communities disproportionally affected by policies that close access to information?</li>
</ul><p><em>Stopping SOPA:</em></p>
<ul><li>Anyone remember the Stop Online Privacy Act (SOPA) or what it was like to see a website blacked out? What lessons did the Stop SOPA campaign teach us?</li>
<li>What is the relationship between copyright and censorship?</li>
</ul><p><em>The Computer Fraud and Abuse Act (CFAA):</em></p>
<ul><li>According to the government, it is illegal under the CFAA to violate a website’s terms of service. Does knowing this mean that any of us will start to read the terms of service?</li>
<li>Does knowing that there are such outdated and misused laws on the books have a chilling effect on your likelihood to share information?</li>
</ul><p><em>Next steps:</em></p>
<ul><li>Does your university have an open access policy? Are you an artist who is going to start using Creative Commons?</li>
<li>What are your concerns about the future of the Internet? Are you ready to get involved in a digital campaign or contact your elected officials about your concerns?</li>
<li>If you want to get involved, but have reservations as to what to do next, what are those? What can we do to continue to raise awareness about these issues?</li>
<li>How will you keep learning about fair use and copyright, unjust computer crime laws, open access, and other digital rights issues?</li>
</ul><p><b>Follow up!</b></p>
<p>Be sure to <a href="https://www.eff.org/document/sample-email-sign-sheet">collect email address</a>es of everyone who came to the event and follow up by inviting them to join a <a href="https://eff.org/engage">mailing list</a>. Check back frequently on <a href="fight">EFF.org/fight</a> to learn about our many campaigns and ways to get involved in the fight to protect our digital rights.</p>
<p><strong> </strong></p>
<p></p><center><strong><a href="https://www.eff.org/deeplinks/2014/08/aaron-swarts-work-internets-own-boy">READ EFF'S VIEWING GUIDE TO LEARN MORE ABOUT THE DIGITAL RIGHTS ISSUES RAISED IN <em>THE INTERNET'S OWN BOY.</em></a></strong></center>
<p> </p>
<p> </p>
</div></div></div><div class="field field-name-field-issue field-type-taxonomy-term-reference field-label-above"><div class="field-label">Related Issues:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/es/issues/coica-internet-censorship-and-copyright-bill">SOPA/PIPA: Internet Blacklist Legislation</a></div><div class="field-item odd"><a href="/es/taxonomy/term/11131">Open Access</a></div><div class="field-item even"><a href="/es/issues/cfaa">Computer Fraud And Abuse Act Reform</a></div><div class="field-item odd"><a href="/es/fight">Student and Community Organizing</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/home?status=Host+a+Screening+and+Discussion+About+The+Internet%E2%80%99s+Own+Boy+https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2014%2F09%2Fhost-screening-and-discussion-about-internets-own-boy" target="_blank"><img src="/sites/all/themes/frontier/images/share/twitter16.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?u=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2014%2F09%2Fhost-screening-and-discussion-about-internets-own-boy&t=Host+a+Screening+and+Discussion+About+The+Internet%E2%80%99s+Own+Boy" target="_blank"><img src="/sites/all/themes/frontier/images/share/facebook.gif" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2014%2F09%2Fhost-screening-and-discussion-about-internets-own-boy" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"><img src="/sites/all/themes/frontier/images/share/gplus-16.png" alt="Share on Google+"/></a> <a href="http://sharetodiaspora.github.com/?title=Host a Screening and Discussion About The Internet%E2%80%99s Own Boy&url=https%3A%2F%2Fwww.eff.org%2Fes%2Fdeeplinks%2F2014%2F09%2Fhost-screening-and-discussion-about-internets-own-boy" target="_blank"><img src="/sites/all/themes/frontier/images/share/diaspora-16.png" alt="Share on Diaspora" /></a>&nbsp;&nbsp;||&nbsp;&nbsp;<a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Wed, 03 Sep 2014 20:15:50 +0000April Glaser82076 at https://www.eff.org